Passed CISA Exam - 1/4

Hi everyone. I recently passed the exam and wanted to share my experience as this community helped me a lot. But I would say this at the beginning: do not take this post as gospel and proceed with the same approach. Everyone is unique and you should read other posts for different perspectives.

Work experience: I’m currently a Senior IT auditor in one of the Big Four and started in the audit space in 2019. The certification was required for my promo to manager. I started studying last year in summer and before the new version was supposed to come out in August but decided to wait since the changes were minor.

Study materials: I primarily relied on the Hemang Doshi Udemy course and the QAE. I went through the Cyvitrix course recently since it had some videos related to the new topics like AI and machine learning, to make sure I covered all grounds. The courses were free for me because of work. So, if you have to pick one, I would go with the Hemang Doshi one.

I bought the CRM book as well but did not have the focus to go through it. I personally prefer live interaction to learn and kind of wasted money with the book.

I definitely recommend going through the QAE a few times but I disagree with a few of the other users who mentioned that you need above 80% on the domains and exams to pass. I personally stayed around 75% and thought it was counterproductive to keep going through the same questions. If you understand the rationale behind the right answer, that is more important.

Exam experience: I decided to take the exam at a testing site near my city. Not sure if this applies to all testing centers but I got there early and they let me start since there were open stations. Also, I felt way more focused and without the worry of losing WiFi or connection.

If I can give you one piece of advice, it would be to take your time. I personally took almost all of the 4 hours because I went through the questions multiple times. There are some questions that have tricky verbiage. My approach was the following, and I provided estimates with each scenario:

  1. At the beginning, I spent around a min on each question and flagged the ones that I wanted to revisit. If the answer did not stand out to me, I flagged it and moved to the next one. This took around 75 mins as I just read a few and knew I needed to think deeply. I think it was around 30 or so questions where the answer was clear to me.

  2. The second round was where I started answering the questions where I felt pretty confident with the answer. This took around 90 mins. I kept questions flagged where I was fighting between answers or did not know it clearly. I had around 70 questions that were still flagged at this point.

  3. The third round was where I focused on questions with two right options. This took around 45 mins and I was down to 30 questions where I was unsure.

  4. The final 30 mins were spent on going through the remaining flagged questions. I finished 10 mins early since I had read these questions multiple times at this point.

Another reason why I took my time is because I usually suck at standardized tests. So, there is no reason to end early if you have time.

I mentioned this in another recent post but I personally thought the exam questions were more straightforward and easier to understand compared to the QAE. This was the key reason why I decided to take the exam even though I was questioning if I was fully ready. At some point, it was diminishing returns for me and if you feel you are at the same point, I recommend taking the exam just so you understand how the questions are worded and what domains to focus on. I personally recommend getting a stronger understanding in the first two since the final three are the harder domains. From the last three domains, I recommend focusing on Business Continuity, Disaster Recovery, SDLC and encryption.

Apologies for the wordy post but I wanted to share as many details as I could. If you have any questions, I will try my best to answer. Again, I highly recommend reading other users' experiences.
